Update to Drupal 8.2.6. For more information, see https://www.drupal.org/project/drupal/releases/8.2.6
This commit is contained in:
Pantheon Automation
Greg Anderson
parent
db56c09587
commit
f1e72395cb
588 changed files with 26857 additions and 2777 deletions
121
vendor/symfony/http-foundation/Request.php
vendored
121
vendor/symfony/http-foundation/Request.php
vendored
|
|
@ -11,6 +11,7 @@
|
|||
|
||||
namespace Symfony\Component\HttpFoundation;
|
||||
|
||||
use Symfony\Component\HttpFoundation\Exception\ConflictingHeadersException;
|
||||
use Symfony\Component\HttpFoundation\Session\SessionInterface;
|
||||
|
||||
/**
|
||||
|
|
@ -260,7 +261,7 @@ class Request
|
|||
/**
|
||||
* Creates a new request with values from PHP's super globals.
|
||||
*
|
||||
* @return Request A new request
|
||||
* @return static
|
||||
*/
|
||||
public static function createFromGlobals()
|
||||
{
|
||||
|
|
@ -303,7 +304,7 @@ class Request
|
|||
* @param array $server The server parameters ($_SERVER)
|
||||
* @param string $content The raw body data
|
||||
*
|
||||
* @return Request A Request instance
|
||||
* @return static
|
||||
*/
|
||||
public static function create($uri, $method = 'GET', $parameters = array(), $cookies = array(), $files = array(), $server = array(), $content = null)
|
||||
{
|
||||
|
|
@ -421,7 +422,7 @@ class Request
|
|||
* @param array $files The FILES parameters
|
||||
* @param array $server The SERVER parameters
|
||||
*
|
||||
* @return Request The duplicated request
|
||||
* @return static
|
||||
*/
|
||||
public function duplicate(array $query = null, array $request = null, array $attributes = null, array $cookies = null, array $files = null, array $server = null)
|
||||
{
|
||||
|
|
@ -553,7 +554,7 @@ class Request
|
|||
/**
|
||||
* Gets the list of trusted proxies.
|
||||
*
|
||||
* @return array An array of trusted proxies.
|
||||
* @return array An array of trusted proxies
|
||||
*/
|
||||
public static function getTrustedProxies()
|
||||
{
|
||||
|
|
@ -579,7 +580,7 @@ class Request
|
|||
/**
|
||||
* Gets the list of trusted host patterns.
|
||||
*
|
||||
* @return array An array of trusted host patterns.
|
||||
* @return array An array of trusted host patterns
|
||||
*/
|
||||
public static function getTrustedHosts()
|
||||
{
|
||||
|
|
@ -717,7 +718,7 @@ class Request
|
|||
* Note: Finding deep items is deprecated since version 2.8, to be removed in 3.0.
|
||||
*
|
||||
* @param string $key the key
|
||||
* @param mixed $default the default value
|
||||
* @param mixed $default the default value if the parameter key does not exist
|
||||
* @param bool $deep is parameter deep in multidimensional array
|
||||
*
|
||||
* @return mixed
|
||||
|
|
@ -811,41 +812,34 @@ class Request
|
|||
return array($ip);
|
||||
}
|
||||
|
||||
if (self::$trustedHeaders[self::HEADER_FORWARDED] && $this->headers->has(self::$trustedHeaders[self::HEADER_FORWARDED])) {
|
||||
$hasTrustedForwardedHeader = self::$trustedHeaders[self::HEADER_FORWARDED] && $this->headers->has(self::$trustedHeaders[self::HEADER_FORWARDED]);
|
||||
$hasTrustedClientIpHeader = self::$trustedHeaders[self::HEADER_CLIENT_IP] && $this->headers->has(self::$trustedHeaders[self::HEADER_CLIENT_IP]);
|
||||
|
||||
if ($hasTrustedForwardedHeader) {
|
||||
$forwardedHeader = $this->headers->get(self::$trustedHeaders[self::HEADER_FORWARDED]);
|
||||
preg_match_all('{(for)=("?\[?)([a-z0-9\.:_\-/]*)}', $forwardedHeader, $matches);
|
||||
$clientIps = $matches[3];
|
||||
} elseif (self::$trustedHeaders[self::HEADER_CLIENT_IP] && $this->headers->has(self::$trustedHeaders[self::HEADER_CLIENT_IP])) {
|
||||
$clientIps = array_map('trim', explode(',', $this->headers->get(self::$trustedHeaders[self::HEADER_CLIENT_IP])));
|
||||
$forwardedClientIps = $matches[3];
|
||||
|
||||
$forwardedClientIps = $this->normalizeAndFilterClientIps($forwardedClientIps, $ip);
|
||||
$clientIps = $forwardedClientIps;
|
||||
}
|
||||
|
||||
$clientIps[] = $ip; // Complete the IP chain with the IP the request actually came from
|
||||
$firstTrustedIp = null;
|
||||
if ($hasTrustedClientIpHeader) {
|
||||
$xForwardedForClientIps = array_map('trim', explode(',', $this->headers->get(self::$trustedHeaders[self::HEADER_CLIENT_IP])));
|
||||
|
||||
foreach ($clientIps as $key => $clientIp) {
|
||||
// Remove port (unfortunately, it does happen)
|
||||
if (preg_match('{((?:\d+\.){3}\d+)\:\d+}', $clientIp, $match)) {
|
||||
$clientIps[$key] = $clientIp = $match[1];
|
||||
}
|
||||
|
||||
if (!filter_var($clientIp, FILTER_VALIDATE_IP)) {
|
||||
unset($clientIps[$key]);
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
if (IpUtils::checkIp($clientIp, self::$trustedProxies)) {
|
||||
unset($clientIps[$key]);
|
||||
|
||||
// Fallback to this when the client IP falls into the range of trusted proxies
|
||||
if (null === $firstTrustedIp) {
|
||||
$firstTrustedIp = $clientIp;
|
||||
}
|
||||
}
|
||||
$xForwardedForClientIps = $this->normalizeAndFilterClientIps($xForwardedForClientIps, $ip);
|
||||
$clientIps = $xForwardedForClientIps;
|
||||
}
|
||||
|
||||
// Now the IP chain contains only untrusted proxies and the client IP
|
||||
return $clientIps ? array_reverse($clientIps) : array($firstTrustedIp);
|
||||
if ($hasTrustedForwardedHeader && $hasTrustedClientIpHeader && $forwardedClientIps !== $xForwardedForClientIps) {
|
||||
throw new ConflictingHeadersException('The request has both a trusted Forwarded header and a trusted Client IP header, conflicting with each other with regards to the originating IP addresses of the request. This is the result of a misconfiguration. You should either configure your proxy only to send one of these headers, or configure Symfony to distrust one of them.');
|
||||
}
|
||||
|
||||
if (!$hasTrustedForwardedHeader && !$hasTrustedClientIpHeader) {
|
||||
return $this->normalizeAndFilterClientIps(array(), $ip);
|
||||
}
|
||||
|
||||
return $clientIps;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -1402,7 +1396,7 @@ class Request
|
|||
/**
|
||||
* Sets the request format.
|
||||
*
|
||||
* @param string $format The request format.
|
||||
* @param string $format The request format
|
||||
*/
|
||||
public function setRequestFormat($format)
|
||||
{
|
||||
|
|
@ -1466,7 +1460,7 @@ class Request
|
|||
/**
|
||||
* Checks if the request method is of specified type.
|
||||
*
|
||||
* @param string $method Uppercase request method (GET, POST etc).
|
||||
* @param string $method Uppercase request method (GET, POST etc)
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
|
|
@ -1478,9 +1472,25 @@ class Request
|
|||
/**
|
||||
* Checks whether the method is safe or not.
|
||||
*
|
||||
* @see https://tools.ietf.org/html/rfc7231#section-4.2.1
|
||||
*
|
||||
* @param bool $andCacheable Adds the additional condition that the method should be cacheable. True by default.
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
public function isMethodSafe()
|
||||
public function isMethodSafe(/* $andCacheable = true */)
|
||||
{
|
||||
return in_array($this->getMethod(), 0 < func_num_args() && !func_get_arg(0) ? array('GET', 'HEAD', 'OPTIONS', 'TRACE') : array('GET', 'HEAD'));
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks whether the method is cacheable or not.
|
||||
*
|
||||
* @see https://tools.ietf.org/html/rfc7231#section-4.2.3
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
public function isMethodCacheable()
|
||||
{
|
||||
return in_array($this->getMethod(), array('GET', 'HEAD'));
|
||||
}
|
||||
|
|
@ -1490,7 +1500,7 @@ class Request
|
|||
*
|
||||
* @param bool $asResource If true, a resource will be returned
|
||||
*
|
||||
* @return string|resource The request body content or a resource to read the body stream.
|
||||
* @return string|resource The request body content or a resource to read the body stream
|
||||
*
|
||||
* @throws \LogicException
|
||||
*/
|
||||
|
|
@ -1528,7 +1538,7 @@ class Request
|
|||
return stream_get_contents($this->content);
|
||||
}
|
||||
|
||||
if (null === $this->content) {
|
||||
if (null === $this->content || false === $this->content) {
|
||||
$this->content = file_get_contents('php://input');
|
||||
}
|
||||
|
||||
|
|
@ -1676,7 +1686,7 @@ class Request
|
|||
* It works if your JavaScript library sets an X-Requested-With HTTP header.
|
||||
* It is known to work with common JavaScript frameworks:
|
||||
*
|
||||
* @link http://en.wikipedia.org/wiki/List_of_Ajax_frameworks#JavaScript
|
||||
* @see http://en.wikipedia.org/wiki/List_of_Ajax_frameworks#JavaScript
|
||||
*
|
||||
* @return bool true if the request is an XMLHttpRequest, false otherwise
|
||||
*/
|
||||
|
|
@ -1936,4 +1946,35 @@ class Request
|
|||
{
|
||||
return self::$trustedProxies && IpUtils::checkIp($this->server->get('REMOTE_ADDR'), self::$trustedProxies);
|
||||
}
|
||||
|
||||
private function normalizeAndFilterClientIps(array $clientIps, $ip)
|
||||
{
|
||||
$clientIps[] = $ip; // Complete the IP chain with the IP the request actually came from
|
||||
$firstTrustedIp = null;
|
||||
|
||||
foreach ($clientIps as $key => $clientIp) {
|
||||
// Remove port (unfortunately, it does happen)
|
||||
if (preg_match('{((?:\d+\.){3}\d+)\:\d+}', $clientIp, $match)) {
|
||||
$clientIps[$key] = $clientIp = $match[1];
|
||||
}
|
||||
|
||||
if (!filter_var($clientIp, FILTER_VALIDATE_IP)) {
|
||||
unset($clientIps[$key]);
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
if (IpUtils::checkIp($clientIp, self::$trustedProxies)) {
|
||||
unset($clientIps[$key]);
|
||||
|
||||
// Fallback to this when the client IP falls into the range of trusted proxies
|
||||
if (null === $firstTrustedIp) {
|
||||
$firstTrustedIp = $clientIp;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Now the IP chain contains only untrusted proxies and the client IP
|
||||
return $clientIps ? array_reverse($clientIps) : array($firstTrustedIp);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Reference in a new issue